
Use of authentication information to make routing decisions

A technology of routing decision and authentication information, applied in the fields of computer networks, managed services, user authentication and packet routing decisions, that can solve problems such as the inability to distinguish users from one another.

Inactive Publication Date: 2010-05-20
FORTINET
18 Cites, 56 Cited by

AI Technical Summary

Benefits of technology

The patent describes a system and method for authenticating users and directing traffic flows in a network. The system includes an authentication server and a network device fronting the network. The network device has one or more processors and a storage device with authentication handler routines for authenticating users and establishing appropriate service connections. The system uses an augmented authentication database with routing information for multiple users to route traffic flows associated with them to appropriate virtual networks. The network device creates a routing entry based on the received routing information to establish a connection for the authenticated user. The technical effect of this invention is to enhance security and efficiency in directing traffic flows in a network.

Problems solved by technology

One issue facing service providers and network providers wishing to provide value added services, such as security services, is that their customers have access into their infrastructure from anywhere in the world and from any network in the world.
As a result, on the Transmission Control Protocol (TCP) / Internet Protocol (IP) side of things, these users cannot be distinguished from one another.



Embodiment Construction

[0018] Apparatus and methods are described for making routing decisions based on user authentication results. According to one embodiment, information returned in a RADIUS authentication result (i.e., a RADIUS Access-Accept packet) may be used to create a routing entry appropriate for the authenticated user. For example, the RADIUS authentication database may be augmented with information regarding a virtual network and/or network interface to which traffic flows associated with authenticated users should be routed, which is returned to the authentication requestor (e.g., a gateway) with successful authentication requests. The gateway may then establish a routing entry for the authenticated user's source IP address that causes subsequent traffic from the user's source IP address to be forwarded to an appropriate output interface of the gateway as indicated by the authentication result.
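The gateway behaviour described in [0018], as an added example (not code from the patent or from Fortinet): the Response Authenticator of an Access-Accept is verified, the routing attribute is extracted, and a per-source-IP routing entry is installed only if the named interface is one the gateway knows. Carrying the interface in a Vendor-Specific attribute, the vendor ID, the sub-attribute number and the interface names are all assumptions; the text above does not say which attribute holds the routing information.

```python
import hashlib, hmac, ipaddress, struct

ACCESS_ACCEPT, VENDOR_SPECIFIC = 2, 26   # RFC 2865 packet code and attribute type
VENDOR_ID, SUB_EGRESS = 99999, 1         # constructed placeholders (hypothetical VSA)
INTERFACES = {"vnet-a", "vnet-b"}        # assumed output interfaces, one per customer

def sample_accept(ident, req_auth, secret, iface):
    """Build a constructed Access-Accept, standing in for the RADIUS server."""
    sub = bytes([SUB_EGRESS, 2 + len(iface)]) + iface.encode()
    body = struct.pack("!I", VENDOR_ID) + sub
    attrs = bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def egress_from_accept(pkt, req_auth, secret):
    """Return the interface named by a verified Access-Accept, or None."""
    if len(pkt) < 20 or pkt[0] != ACCESS_ACCEPT:
        return None
    if struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return None
    attrs = pkt[20:]
    want = hashlib.md5(pkt[:4] + req_auth + attrs + secret).digest()
    if not hmac.compare_digest(want, pkt[4:20]):    # Response Authenticator check
        return None
    i = 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            return None                             # malformed TLV: reject the packet
        val = attrs[i + 2:i + alen]
        ours = len(val) >= 6 and val[:4] == struct.pack("!I", VENDOR_ID)
        if atype == VENDOR_SPECIFIC and ours and val[4] == SUB_EGRESS and val[5] == len(val) - 4:
            return val[6:].decode("ascii", "replace")
        i += alen
    return None

class Gateway:
    def __init__(self):
        self.routes = {}                            # source IP -> output interface

    def on_auth_result(self, src_ip, pkt, req_auth, secret):
        iface = egress_from_accept(pkt, req_auth, secret)
        if iface not in INTERFACES:                 # missing or unknown: install nothing
            return False
        self.routes[ipaddress.ip_address(src_ip)] = iface   # re-auth replaces the entry
        return True

    def forward(self, src_ip):
        """Output interface for a packet, or None (drop) if no routing entry exists."""
        return self.routes.get(ipaddress.ip_address(src_ip))
```

Because the routing entry is keyed on source IP alone, customer separation in this sketch is only as strong as the binding between that address and the authenticated user for the life of the session.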

[0019]In the following description, for the purposes of explanation, numerous specific d...


Abstract

Methods and systems for utilizing authentication attributes to determine how to direct traffic flows are provided. According to one embodiment, a program storage device readable by a network device associated with a service provider is provided. The program storage device tangibly embodies a program of instructions executable by a processor of the network device to perform method steps for authenticating users and establishing appropriate service sessions. An end user from whom a connection request is received is caused to be prompted for login credentials. The received login credentials are then caused to be authenticated by an authentication server. Responsive to successful authentication, a service session is established for the end user and customer separation is maintained among the multiple customers by creating a routing entry, according to which subsequent packets associated with the service session are routed, based on authentication attributes returned by the authentication server.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application is a continuation of U.S. patent application Ser. No. 11/774,575, filed on Jul. 7, 2007, which claims the benefit of U.S. Provisional Application No. 60/820,945 filed on Jul. 31, 2006, both of which are hereby incorporated by reference in their entirety for all purposes.

COPYRIGHT NOTICE

[0002] Contained herein is material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction of the patent disclosure by any person as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all rights to the copyright whatsoever. Copyright © 2006-2009, Fortinet Inc.

BACKGROUND

[0003] 1. Field

[0004] Embodiments of the present invention relate generally to computer networks, managed services, user authentication and packet routing decisions. More particularly, embodiments of the present invention relate to distinguishing among users based on authentication r...


Application Information

Patent Timeline
Patent Type & Authority: Applications (United States)
IPC(8): H04L9/32; G06F21/00; G06F15/173
CPC: H04L63/0272; H04L63/0892; H04L63/08
Inventor: DUBUC, YANNICK; ROZHAVSKY, MICHAEL; LEE, RANDY
Owner: FORTINET